ringersol:Or they're about to make (yet another) play to regulate government backdoors in all encrypted communication and need to pretend like they can't do their job or stop so much as the corner dope dealer without it. Which is more likely. Because, again, criminals use burners.

That's disturbingly likely, actually, considering the anti-hacking and computer security bills they're "just now preparing" for the north korean situation..

WhoopAssWayne:dittybopper: Meh. I can do better with paper and pencil, something not even the NSA can crack. Ever.

Dilettantes have been telling themselves that for millennia.

It's long been rumored that Microsoft has placed backdoors in Windows for government surveillance. They've never denied this as far as I know. Given the kind of pressure the US government can exert, I don't think anyone would be surprised if they did the same to Apple. This could just be a clever false flag operation. Convince drug dealers and other criminals to use something they know to be cracked wide open, like say iMessage, versus using a service with strong, open source encryption.

They repeatedly deny such conspiracy theories.

http://borepatch.blogspot.com/2009/11/microsoft-no-nsa-back-door-in-w i ndows-7.html?m=1

mrmopar5287:UnspokenVoice: You don't happen to have any evidence of this, do you?

All I do is look back to when I thought "A telecom company would NEVER just hand over their internet traffic to the government. They have respect for privacy in the responsibility they have when carrying private communications."

And we all know how that turned out. So why would you expect Microsoft to have unimpeachable morals?

Your examples bear no similarity and this has nothing to do with morals. A telco handing data to the government is no more surprising than an ISP doing the same, and we all know they do so. Microsoft would cooperate in the same manner if they possessed user data on file that the government desired, of that I have no doubt. Intentionally building a point of entry into an operating system? Hell no. It would entirely obviate any attempts at security from that point forward. Also, do you think the US government would be using operating systems on it's own computers (some containing extremely sensitive data) that has a backdoor they know exists? Why do we have to develop malware like Flame or Gauss if we already have theoretical access to every computer running Windows worldwide? We could crack open Iran and China like a pistachio in a hardware shredder. By that same token, they could do the same to us and I promise you the US Government would be having NONE of that.

As I mentioned in an earlier post, there are a multitude of zero-day exploits out there that can be used to accomplish anything a built-in backdoor would. If you want to say that there are exploits that MS is aware of and that they have not patched at the behest of the US government, I could maybe find some credulity for you but there is just no way there is a functional backdoor in any version of Windows that was placed there specifically at the request of the government.

A Shambling Mound:Also, do you think the US government would be using operating systems on it's own computers (some containing extremely sensitive data) that has a backdoor they know exists?Sorry, ain't buying it.

The government has their own custom distribution of Windows for their computers. Something about the Air Force office of information technology does their own patching of exploits and has their own distributions that are rolled out onto government computers. The US government has access to take the exploits out of their own computers (but leave it into the retail distributions sold to everyone else).

Why do we have to develop malware like Flame or Gauss if we already have theoretical access to every computer running Windows worldwide? We could crack open Iran and China like a pistachio in a hardware shredder.

You use malware like that for the petty stuff that you know will leak into the news, or be easily discovered. That's plausible deniability stuff that can be jettisoned overboard when you need a disposable excuse to put on the news. You save the deep, built-in exploits for serious spying: emergencies and other stuff that is so clandestine that it will NEVER be discussed outside the high-level people at the top.

mrmopar5287:A Shambling Mound: Also, do you think the US government would be using operating systems on it's own computers (some containing extremely sensitive data) that has a backdoor they know exists?Sorry, ain't buying it.

The government has their own custom distribution of Windows for their computers. Something about the Air Force office of information technology does their own patching of exploits and has their own distributions that are rolled out onto government computers. The US government has access to take the exploits out of their own computers (but leave it into the retail distributions sold to everyone else).

Why do we have to develop malware like Flame or Gauss if we already have theoretical access to every computer running Windows worldwide? We could crack open Iran and China like a pistachio in a hardware shredder.

You use malware like that for the petty stuff that you know will leak into the news, or be easily discovered. That's plausible deniability stuff that can be jettisoned overboard when you need a disposable excuse to put on the news. You save the deep, built-in exploits for serious spying: emergencies and other stuff that is so clandestine that it will NEVER be discussed outside the high-level people at the top.

Wow, okay, I give up. I will simply re-iterate one last time because I almost feel like it's just bouncing off - there is no government sponsored backdoor built into Windows. It is simply not there. It does not exist. It is a non-thing.

Straight talk phones at Walmart are like 20$, they take no information other than a zip code to start up, use them for a month or two, only turn them on when you need to use them, and sell your drugs in peace.

90supraT:Straight talk phones at Walmart are like 20$, they take no information other than a zip code to start up, use them for a month or two, only turn them on when you need to use them, and sell your drugs in peace.

JohnnyRebel88:Is there any software that an Android user can purchase to block the DEA or anyone from listening in on your device?

In what sense?

If you're calling or getting calls from the standard telephone network, they're decrypted and turned into standard, unencrypted, 8kHz telephone audio somewhere along the line. Which is tappable.

If you had two Android devices with the same end-to-end encryption software on them (which is out there), then it's as good as that encryption is against how good the listeners are, same as any other end-to-end-encryption.

Assuming this is pointed at me, you can't be expected to remember a long string of random numbers that you destroyed immediately after use.

Makes it a lot harder for you to decrypt if you neither have nor can remember the key, though.

And sure, here's a block of text from a famous historical document encrypted according to my own uncrackable cipher:

1

Just try to crack that one, guys.

Done:

Since, moveover, for God and the amendment of our kingdom and for the better allaying of the quarrel that has arisen between us and our barons, we have granted all these concessions, desirous that they should enjoy them in complete and firm endurance forever, we give and grant to them the underwritten security, namely, that the barons choose five and twenty barons of the kingdom, whomsoever they will, who shall be bound with all their might, to observe and hold, and cause to be observed, the peace and liberties we have granted and confirmed to them by this our present Charter, so that if we, or our justiciar, or our bailiffs or any one of our officers, shall in anything be at fault towards anyone, or shall have broken any one of the articles of this peace or of this security, and the offense be notified to four barons of the foresaid five and twenty, the said four barons shall repair to us (or our justiciar, if we are out of the realm) and, laying the transgression before us, petition to have that transgression redressed without delay. And if we shall not have corrected the transgression (or, in the event of our being out of the realm, if our justiciar shall not have corrected it) within forty days, reckoning from the time it has been intimated to us (or to our justiciar, if we should be out of the realm), the four barons aforesaid shall refer that matter to the rest of the five and twenty barons, and those five and twenty barons shall, together with the community of the whole realm, distrain and distress us in al ...

What? Goddammit, I screwed up the math, forgot to carry the one and ended up with ten pages of Lorem Ipsum.

dittybopper:Meh. I can do better with paper and pencil, something not even the NSA can crack. Ever.

Have you been watching The Americans on FX? I love the old school spycraft in the show. The showrunner is ex-CIA officer, so I would expect it to be pretty accurate in terms of the spy stuff, aside from some artistic license and stuff that is changed for the sake of not revealing "trade secrets" that are still classified.

mrmopar5287:UnspokenVoice: You don't happen to have any evidence of this, do you?

All I do is look back to when I thought "A telecom company would NEVER just hand over their internet traffic to the government. They have respect for privacy in the responsibility they have when carrying private communications."

And we all know how that turned out. So why would you expect Microsoft to have unimpeachable morals?

There were other large Telecom companies that were approached who did not participate with the government in that effort. They weren't forced to participate because there weren't any legitimate warrants or subpoenas for this traffic. If there were (legitimate) warrants, then everyone that was asked, would have been forced to participate and the backlash would have been strictly on the government and not on the carriers who succumbed to the pressure to cooperate. My personal opinion is that gobs of money paying the best lawyers is what kept Microsoft from getting terribly damaged by all of the lawsuits the government has put on them over the years and not some form of quid pro quo. There entire business would be shot to hell if it was ever found (and it would be eventually found) that back doors for the government were installed. I don't think Microsoft has unimpeachable morals either. I just think even they are not that stupid such that they would willingly participate in that kind of request.

libranoelrose:UnspokenVoice: mrmopar5287: WhoopAssWayne: It's long been rumored that Microsoft has placed backdoors in Windows for government surveillance.

Rumored? I think that's pretty much confirmed. And not just surveillance: you can expect that Microsoft has NSA affiliated programmers hired into staff to put backdoors and zero day exploits into the code of every version of Windows.

You remember how that huge anti-trust case just disappeared? It probably went something like this: NSA and other government people approached Bill Gates and flat-out told him that if MS agreed to hire X number of programmers into the core Windows team, they would make the anti-trust stuff go away. Not that the G-men were going to do anything like steal trade secrets, but just to have them there for "emergencies" or other issues of National Security. Like, oh, I don't know, maybe the day that they need to code a worm that can destroy some Iranian uranium centrifuges.

THAT is the way that Windows now works for out government to take advantage of when they need it. Heck, for all we know the people in the Clinton Administration saw the future of cyber warfare, tried the pretty-please approach to get their people on the inside of MS, got turned down by Bill Gates, and the anti-trust case was blackmail to hammer Bill Gates into saying YES.

mrmopar5287:UnspokenVoice: You don't happen to have any evidence of this, do you?

All I do is look back to when I thought "A telecom company would NEVER just hand over their internet traffic to the government. They have respect for privacy in the responsibility they have when carrying private communications."

And we all know how that turned out. So why would you expect Microsoft to have unimpeachable morals?

See, no. I never thought that. I expected they'd hand data and access to the government because they're a shiatty company. Maybe I'm old and jaded but I wasn't the least bit surprised.

A Shambling Mound:As I mentioned in an earlier post, there are a multitude of zero-day exploits out there that can be used to accomplish anything a built-in backdoor would. If you want to say that there are exploits that MS is aware of and that they have not patched at the behest of the US government, I could maybe find some credulity for you but there is just no way there is a functional backdoor in any version of Windows that was placed there specifically at the request of the government.

I could see MS denying a 0-day and not patching it back when they were much more lax but I can't see them keeping it unpatched at the behest of a governing body nor could I imagine a government body requesting such a thing for fear that they'd be liable to the same intrusion technique.

Absolutely. Because you can't remember hundreds or thousands of random numbers you only saw once or twice, then destroyed.

No amount of beating is going to make you remember something you aren't capable of remembering. That's one of the major features of a one-time pad: Employed correctly, it's absolutely immune to all forms of cryptanalysis, including the kinetic forms.

This, If "any code can be cracked" then governments wouldn't pass laws to force YOU to give up your passwords: they would simply crack the encryption on your device without involving you at all. If the government wants your password, the only thing that's going to get cracked is your skull.

(Distributed.net use to run cracking contests. It took 10,000 computers nearly 3 months to brute-force a 56-bit key. 128 bit keys are the current minimum standard for Internet banking and programs like truCrypt can encrypt with 4096 bit keys. )

Consider this: One-time pads use a key the same length as the sum total of the lengths of all the messages added together, and the key is completely random so no amount of analysis can ever be used to divine a pattern because there is none.

If you try to brute-force a solution, all you will do is generate every possible solution of the same length. Was the message "Kill Bill", "Kiss Kate", or "Flew away", or any other possible combination that length? No way to tell. Ever.

Mad_Radhu:dittybopper: Meh. I can do better with paper and pencil, something not even the NSA can crack. Ever.

Have you been watching The Americans on FX? I love the old school spycraft in the show. The showrunner is ex-CIA officer, so I would expect it to be pretty accurate in terms of the spy stuff, aside from some artistic license and stuff that is changed for the sake of not revealing "trade secrets" that are still classified.

i squared:posted while thinking too analytically - ok, I get the absinthe part, but still not sure why I get "de" instead of "be", and "crink" instead of "drink".

Mistakes on my part. I was doing it quickly, while working on other, less cool tasks. I destroyed the worksheet (actually, an instance of notepad that I didn't save), so I can't say whether my mistake was in the math, or whether it was a mistake in looking up the equivalents in the straddling checkerboard, or both.

In real life, though, mistakes like that often happen in communications. Go ahead and look at the e-mails and texts you've received lately. I'm betting there are some typos in there.

UnspokenVoice:A Shambling Mound: As I mentioned in an earlier post, there are a multitude of zero-day exploits out there that can be used to accomplish anything a built-in backdoor would. If you want to say that there are exploits that MS is aware of and that they have not patched at the behest of the US government, I could maybe find some credulity for you but there is just no way there is a functional backdoor in any version of Windows that was placed there specifically at the request of the government.

I could see MS denying a 0-day and not patching it back when they were much more lax but I can't see them keeping it unpatched at the behest of a governing body nor could I imagine a government body requesting such a thing for fear that they'd be liable to the same intrusion technique.

The reality is that I agree with you entirely. If the Gov't came to MS and said "Hey, there's this exploit we like, can you keep it?" I would fully expect MS to say "Hey, thanks for letting us know. No."

A Shambling Mound:UnspokenVoice: A Shambling Mound: As I mentioned in an earlier post, there are a multitude of zero-day exploits out there that can be used to accomplish anything a built-in backdoor would. If you want to say that there are exploits that MS is aware of and that they have not patched at the behest of the US government, I could maybe find some credulity for you but there is just no way there is a functional backdoor in any version of Windows that was placed there specifically at the request of the government.

I could see MS denying a 0-day and not patching it back when they were much more lax but I can't see them keeping it unpatched at the behest of a governing body nor could I imagine a government body requesting such a thing for fear that they'd be liable to the same intrusion technique.

The reality is that I agree with you entirely. If the Gov't came to MS and said "Hey, there's this exploit we like, can you keep it?" I would fully expect MS to say "Hey, thanks for letting us know. No."

I was just trying to give the tinfoil-hatterati a little slack.

I get it. It appeared that you were indicating that they'd leave it open for the government and that just seems way too unlikely to me.